Infected by Sirefef and Babylon hijacks, etc. [Solved]



#1
RESBAK

Hello, I am helping a friend clean this but we are unable to and we would like to ask for some help :D

Issues:

Microsoft Security Essentials got uninstalled (my friend swears he did not touch or uninstall anything), Windows firewall will not turn on, antivirus programs can detect the infection but are unable to clean it (used MBAM, MSE, Avast so far). Google Chrome also keeps getting random redirects and the search for Chrome and IE keeps defaulting to Babylon.

What we have done so far:

Ran MBAM, MSE, Avast and Spybot but after reboot, Sirefef keeps coming back. Another friend tried to help a few days ago but I am not sure what they did. I am also connected to his computer at this moment.

OTL log:


OTL logfile created on: 6/12/2012 9:30:18 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\ALMOGUERRA\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.94 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 54.98% Memory free
12.07 Gb Paging File | 9.75 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.69 Gb Total Space | 685.37 Gb Free Space | 74.44% Space Free | Partition Type: NTFS
Drive G: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALMOGUERRA-PC | User Name: ALMOGUERRA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 09:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/01 12:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\ALMOGUERRA\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2010/09/14 19:17:52 | 001,830,400 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/07/28 18:08:50 | 006,870,376 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
PRC - [2010/07/28 18:08:50 | 000,564,072 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/05 21:32:34 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/11/05 21:32:34 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/09 15:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/09/08 12:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 12:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/03 20:36:04 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/01 12:42:32 | 000,083,352 | ---- | M] () -- C:\Users\ALMOGUERRA\AppData\Roaming\mjusbsp\octvqem_apiw.dll
MOD - [2010/07/28 18:08:52 | 000,021,864 | ---- | M] () -- C:\Program Files (x86)\TWC\DigiDo\AffinegyServicePS.dll
MOD - [2010/07/28 17:50:54 | 000,813,568 | ---- | M] () -- C:\Program Files (x86)\TWC\DigiDo\gateways\MotorolaSBG900LOC.dll
MOD - [2008/01/20 21:48:39 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008/01/20 21:48:39 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/10/01 21:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/09/29 19:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV:64bit: - [2008/09/19 13:06:24 | 000,108,832 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/05 15:00:06 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/26 19:16:24 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 19:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 16:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/14 19:17:52 | 001,830,400 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010/07/28 18:08:50 | 000,564,072 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/11/12 03:05:32 | 000,141,344 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/11/05 21:32:34 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/21 13:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 13:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 13:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/08 12:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 12:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 12:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 20:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/20 04:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 04:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 04:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/02/07 13:07:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/02/07 13:07:04 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/02/07 13:06:56 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/08 17:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/11 23:02:42 | 000,050,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\rrysocbg.sys -- (rrysocbg)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:02:05 | 000,043,864 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/09/26 19:17:08 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 16:10:50 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 16:10:24 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/22 19:02:17 | 000,085,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 19:02:08 | 000,076,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/10/21 19:01:29 | 000,021,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/10/21 19:01:28 | 000,133,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/10/21 19:01:28 | 000,095,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/10/21 19:01:04 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/10/20 19:04:26 | 001,168,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/20 19:01:42 | 000,316,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/08/21 19:06:22 | 000,011,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/07/12 19:00:24 | 001,027,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2008/06/23 01:28:00 | 001,217,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerBDA716x_x64.sys -- (AVerBDA6x_x64)
DRV:64bit: - [2008/06/19 19:37:17 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2008/05/28 05:23:40 | 000,154,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/09/16 16:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2008/08/22 19:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000214ffb1383
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SNYR_enUS356
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{7B656671-6FF2-4D3B-A9D3-8063B327EE03}: "URL" = http://websearch.ask...3A-08ECD545584B
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{C00744D7-4B71-4425-9952-9167F78C100F}: "URL" = http://search.yahoo....0414,6901,0,8,0
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000214ffb1383
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SNYR_enUS356
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{7B656671-6FF2-4D3B-A9D3-8063B327EE03}: "URL" = http://websearch.ask...3A-08ECD545584B
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{C00744D7-4B71-4425-9952-9167F78C100F}: "URL" = http://search.yahoo....0414,6901,0,8,0
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52545


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ALMOGUERRA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ALMOGUERRA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/07/12 06:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\Extensions
[2009/12/09 12:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/12 06:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 04:54:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...m&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\
CHR - Extension: YouTube = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: avast! WebRep = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/10 22:40:56 | 000,442,086 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15215 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000..\Run: [cdloader] C:\Users\ALMOGUERRA\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{616DCE37-90F0-4937-9A44-6C1E5B37ABDF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 17:33:29 | 000,000,000 | R--D | M] - G:\autorun -- [ UDF ]
O32 - AutoRun File - [2005/12/06 17:18:38 | 001,695,744 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/11/18 16:44:26 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 09:23:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
[2012/06/11 23:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/06/11 23:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/11 23:45:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/11 23:45:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/11 23:31:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/11 20:18:27 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/11 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\Desktop\RK_Quarantine
[2012/06/10 22:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/10 22:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/10 22:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/24 12:31:44 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\Documents\Command and Conquer Generals Zero Hour Data
[2012/05/21 19:46:31 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\AppData\Roaming\Auslogics

========== Files - Modified Within 30 Days ==========

[2012/06/12 09:23:46 | 000,043,034 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/12 09:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
[2012/06/12 09:15:14 | 000,043,034 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/12 09:01:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000UA.job
[2012/06/12 09:00:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 09:00:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 08:50:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 06:06:36 | 000,000,912 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\magicJack.lnk
[2012/06/11 23:46:18 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/11 23:46:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/11 23:38:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/11 23:32:04 | 000,653,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/11 23:32:04 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/11 23:08:02 | 000,776,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/11 23:02:42 | 000,050,000 | ---- | M] () -- C:\Windows\SysNative\drivers\rrysocbg.sys
[2012/06/11 23:00:37 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 23:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 22:59:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/10 22:47:08 | 000,790,984 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 22:40:56 | 000,442,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/10 22:40:16 | 000,442,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120610-224056.backup
[2012/06/10 22:38:49 | 000,000,802 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/06/10 22:07:06 | 000,001,097 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Spybot - Search & Destroy.lnk
[2012/06/10 21:25:38 | 000,002,067 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Google Chrome.lnk
[2012/06/10 21:25:38 | 000,002,029 | ---- | M] () -- C:\Users\ALMOGUERRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/10 16:01:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000Core.job
[2012/06/10 09:26:50 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/06/01 22:14:33 | 000,000,112 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Chikka Still the Best Way to Send Free Text Messages.URL

========== Files Created - No Company Name ==========

[2012/06/11 23:46:18 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/11 23:46:16 | 000,024,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/11 23:46:15 | 000,337,240 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/11 23:46:11 | 000,043,864 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/11 23:46:10 | 000,059,224 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/11 23:46:08 | 000,819,032 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/11 23:46:07 | 000,069,976 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/11 23:02:39 | 000,050,000 | ---- | C] () -- C:\Windows\SysNative\drivers\rrysocbg.sys
[2012/06/10 22:07:06 | 000,001,097 | ---- | C] () -- C:\Users\ALMOGUERRA\Desktop\Spybot - Search & Destroy.lnk
[2012/06/10 09:26:50 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/04/05 15:12:34 | 000,051,186 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Roaming\room_v3.dat
[2011/12/31 19:47:39 | 000,075,888 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\rx_audio.Cache
[2011/12/31 19:47:08 | 000,385,552 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\rx_image32.Cache
[2011/12/18 21:42:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/18 21:42:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/18 21:42:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/18 21:42:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/18 21:42:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/12 19:52:34 | 000,000,732 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\d3d9caps64.dat
[2011/07/09 22:03:03 | 000,024,088 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Roaming\UserTile.png
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/02/21 22:11:30 | 000,000,680 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\d3d9caps.dat
[2010/11/03 17:41:41 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/03 17:41:41 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== LOP Check ==========

[2012/06/11 22:59:10 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try and remove this for you.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the Protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV:64bit: - [2012/06/11 23:02:42 | 000,050,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\rrysocbg.sys -- (rrysocbg)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000214ffb1383
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{7B656671-6FF2-4D3B-A9D3-8063B327EE03}: "URL" = http://websearch.ask...3A-08ECD545584B
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000214ffb1383
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{7B656671-6FF2-4D3B-A9D3-8063B327EE03}: "URL" = http://websearch.ask...3A-08ECD545584B
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
    IE - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52545
    [2010/09/14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3553525114-283763260-1387714544-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3553525114-283763260-1387714544-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2012/06/11 23:02:39 | 000,050,000 | ---- | C] () -- C:\Windows\SysNative\drivers\rrysocbg.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the combo fix log in your next reply, as well as describe how your computer is running now.

#3
RESBAK

RESBAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
TDSSKiller log (it did not give me the Cure option):

15:11:42.0269 5488 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:11:42.0737 5488 ============================================================
15:11:42.0737 5488 Current date / time: 2012/06/12 15:11:42.0737
15:11:42.0737 5488 SystemInfo:
15:11:42.0737 5488
15:11:42.0737 5488 OS Version: 6.0.6001 ServicePack: 1.0
15:11:42.0737 5488 Product type: Workstation
15:11:42.0737 5488 ComputerName: ALMOGUERRA-PC
15:11:42.0737 5488 UserName: ALMOGUERRA
15:11:42.0737 5488 Windows directory: C:\Windows
15:11:42.0737 5488 System windows directory: C:\Windows
15:11:42.0737 5488 Running under WOW64
15:11:42.0737 5488 Processor architecture: Intel x64
15:11:42.0737 5488 Number of processors: 2
15:11:42.0737 5488 Page size: 0x1000
15:11:42.0737 5488 Boot type: Normal boot
15:11:42.0737 5488 ============================================================
15:11:44.0563 5488 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:44.0641 5488 Drive \Device\Harddisk3\DR3 - Size: 0x11C0000 (0.02 Gb), SectorSize: 0x200, Cylinders: 0x2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:11:44.0656 5488 ============================================================
15:11:44.0656 5488 \Device\Harddisk0\DR0:
15:11:44.0656 5488 MBR partitions:
15:11:44.0656 5488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x15A4800, BlocksNum 0x73161DB0
15:11:44.0656 5488 \Device\Harddisk3\DR3:
15:11:44.0656 5488 Invalid mbr signature
15:11:44.0656 5488 ============================================================
15:11:44.0797 5488 C: <-> \Device\Harddisk0\DR0\Partition0
15:11:44.0797 5488 ============================================================
15:11:44.0797 5488 Initialize success
15:11:44.0797 5488 ============================================================
15:12:14.0437 5144 ============================================================
15:12:14.0437 5144 Scan started
15:12:14.0437 5144 Mode: Manual; SigCheck; TDLFS;
15:12:14.0437 5144 ============================================================
15:12:17.0900 5144 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:12:18.0009 5144 ACDaemon - ok
15:12:18.0383 5144 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
15:12:18.0399 5144 ACPI - ok
15:12:18.0493 5144 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
15:12:18.0555 5144 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
15:12:18.0555 5144 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
15:12:18.0836 5144 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:12:18.0836 5144 AdobeARMservice - ok
15:12:18.0898 5144 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:12:18.0992 5144 adp94xx - ok
15:12:45.0247 5144 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:12:45.0637 5144 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
15:12:45.0637 5144 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
15:12:58.0070 5144 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:12:58.0101 5144 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:12:58.0101 5144 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:13:01.0611 5144 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
15:13:01.0627 5144 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
15:13:01.0627 5144 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
15:13:07.0227 5144 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
15:13:07.0258 5144 NBService ( UnsignedFile.Multi.Generic ) - warning
15:13:07.0258 5144 NBService - detected UnsignedFile.Multi.Generic (1)
15:13:14.0029 5144 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
15:13:14.0060 5144 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
15:13:14.0060 5144 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
15:13:31.0922 5144 PACSPTISVR (41c33fb4fd929fed732a00d2daef5be0) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
15:13:32.0000 5144 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
15:13:32.0000 5144 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
15:13:44.0105 5144 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:13:44.0121 5144 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:13:44.0121 5144 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:13:44.0277 5144 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:13:44.0324 5144 QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:13:44.0324 5144 QBFCService - detected UnsignedFile.Multi.Generic (1)
15:13:44.0839 5144 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:13:44.0917 5144 ql2300 - ok
15:13:44.0932 5144 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:13:44.0948 5144 ql40xx - ok
15:13:44.0995 5144 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:13:45.0057 5144 QWAVE - ok
15:13:45.0088 5144 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:13:45.0104 5144 QWAVEdrv - ok
15:13:45.0135 5144 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:13:45.0166 5144 RasAcd - ok
15:13:45.0213 5144 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:13:45.0338 5144 RasAuto - ok
15:13:45.0525 5144 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:13:45.0556 5144 Rasl2tp - ok
15:13:45.0697 5144 RasMan (d0c346d7df0df9b4899631796f177d56) C:\Windows\System32\rasmans.dll
15:13:45.0775 5144 RasMan - ok
15:13:45.0806 5144 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
15:13:45.0837 5144 RasPppoe - ok
15:13:46.0055 5144 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
15:13:46.0133 5144 RasSstp - ok
15:13:46.0820 5144 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
15:13:46.0867 5144 rdbss - ok
15:13:46.0913 5144 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:13:46.0976 5144 RDPCDD - ok
15:13:47.0210 5144 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:13:47.0241 5144 rdpdr - ok
15:13:47.0241 5144 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:13:47.0288 5144 RDPENCDD - ok
15:13:47.0319 5144 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
15:13:47.0381 5144 RDPWD - ok
15:13:47.0413 5144 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
15:13:47.0428 5144 regi - ok
15:13:47.0912 5144 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:13:47.0974 5144 RemoteAccess - ok
15:13:48.0115 5144 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
15:13:48.0177 5144 RemoteRegistry - ok
15:13:48.0520 5144 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
15:13:48.0551 5144 RFCOMM - ok
15:13:49.0487 5144 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:13:49.0550 5144 RichVideo ( UnsignedFile.Multi.Generic ) - warning
15:13:49.0550 5144 RichVideo - detected UnsignedFile.Multi.Generic (1)
15:13:49.0597 5144 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
15:13:49.0612 5144 rimsptsk - ok
15:13:49.0628 5144 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
15:13:49.0675 5144 risdptsk - ok
15:13:50.0189 5144 RoxLiveShare10 (9e6cc99db64f0c93fad099e589c4d6dd) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
15:13:50.0221 5144 RoxLiveShare10 - ok
15:13:50.0813 5144 RoxMediaDB10 (5e6b8cb514280f284bbcb8685f25fba6) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
15:13:51.0047 5144 RoxMediaDB10 - ok
15:13:51.0437 5144 RoxWatch10 (ef1bd1c5b04c22aa077d5cc8ca3d160d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
15:13:51.0453 5144 RoxWatch10 - ok
15:13:51.0765 5144 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:13:51.0859 5144 RpcLocator - ok
15:13:52.0717 5144 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
15:13:52.0748 5144 RpcSs - ok
15:13:53.0153 5144 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:13:53.0169 5144 rspndr - ok
15:13:53.0497 5144 RtkAudioService (a76589efa47f3357aa81c64dc67a0d10) C:\Windows\RtkAudioService.exe
15:13:53.0512 5144 RtkAudioService - ok
15:13:53.0668 5144 SampleCollector (9a5fb8de6567bc86fccde2f0336857a3) C:\Program Files\Sony\VAIO Care\collsvc.exe
15:13:53.0684 5144 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
15:13:53.0684 5144 SampleCollector - detected UnsignedFile.Multi.Generic (1)
15:13:53.0793 5144 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
15:13:53.0793 5144 SamSs - ok
15:13:54.0011 5144 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:13:54.0027 5144 sbp2port - ok
15:13:54.0682 5144 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:13:54.0776 5144 SBSDWSCService - ok
15:13:55.0353 5144 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
15:13:55.0462 5144 SCardSvr - ok
15:13:57.0365 5144 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
15:13:57.0475 5144 Schedule - ok
15:13:57.0677 5144 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
15:13:57.0709 5144 SCPolicySvc - ok
15:13:58.0036 5144 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
15:13:58.0099 5144 sdbus - ok
15:13:58.0317 5144 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:13:58.0442 5144 SDRSVC - ok
15:13:58.0473 5144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:13:58.0535 5144 secdrv - ok
15:13:58.0645 5144 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:13:58.0707 5144 seclogon - ok
15:13:58.0738 5144 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
15:13:58.0816 5144 SENS - ok
15:13:58.0816 5144 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:13:58.0879 5144 Serenum - ok
15:13:58.0879 5144 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:13:58.0941 5144 Serial - ok
15:13:58.0941 5144 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:13:58.0972 5144 sermouse - ok
15:13:59.0206 5144 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:13:59.0300 5144 SessionEnv - ok
15:13:59.0347 5144 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
15:13:59.0378 5144 SFEP - ok
15:13:59.0378 5144 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:13:59.0409 5144 sffdisk - ok
15:13:59.0425 5144 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:13:59.0456 5144 sffp_mmc - ok
15:13:59.0456 5144 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:13:59.0487 5144 sffp_sd - ok
15:13:59.0549 5144 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
15:13:59.0596 5144 sfloppy - ok
15:13:59.0674 5144 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
15:13:59.0690 5144 ShellHWDetection - ok
15:13:59.0705 5144 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:13:59.0705 5144 SiSRaid2 - ok
15:13:59.0737 5144 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:13:59.0752 5144 SiSRaid4 - ok
15:14:00.0049 5144 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
15:14:00.0189 5144 slsvc - ok
15:14:00.0985 5144 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
15:14:01.0047 5144 SLUINotify - ok
15:14:01.0515 5144 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
15:14:01.0546 5144 Smb - ok
15:14:01.0640 5144 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:14:01.0733 5144 SNMPTRAP - ok
15:14:02.0295 5144 SOHCImp (1a9dd46c547646a54cdb4065c1996a07) C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe
15:14:02.0311 5144 SOHCImp - ok
15:14:02.0498 5144 SOHDms (2e1b0d8278bb616148ddca13dae87544) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe
15:14:02.0576 5144 SOHDms - ok
15:14:02.0607 5144 SOHDs (892529ee03211c35aea7132e119f4862) C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe
15:14:02.0623 5144 SOHDs - ok
15:14:02.0810 5144 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
15:14:02.0810 5144 spldr - ok
15:14:02.0966 5144 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
15:14:02.0981 5144 Spooler - ok
15:14:03.0559 5144 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
15:14:03.0590 5144 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
15:14:03.0590 5144 SPTISRV - detected UnsignedFile.Multi.Generic (1)
15:14:04.0261 5144 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:14:04.0292 5144 SQLBrowser - ok
15:14:04.0729 5144 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:14:04.0775 5144 SQLWriter - ok
15:14:04.0838 5144 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
15:14:04.0885 5144 srv - ok
15:14:05.0212 5144 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
15:14:05.0259 5144 srv2 - ok
15:14:05.0290 5144 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
15:14:05.0306 5144 srvnet - ok
15:14:05.0337 5144 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:14:05.0368 5144 SSDPSRV - ok
15:14:05.0384 5144 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:14:05.0446 5144 SstpSvc - ok
15:14:05.0743 5144 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
15:14:05.0821 5144 stisvc - ok
15:14:05.0836 5144 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:14:05.0836 5144 swenum - ok
15:14:06.0445 5144 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
15:14:06.0554 5144 swprv - ok
15:14:06.0803 5144 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:14:06.0850 5144 Symc8xx - ok
15:14:06.0866 5144 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:14:06.0866 5144 Sym_hi - ok
15:14:06.0881 5144 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:14:06.0881 5144 Sym_u3 - ok
15:14:07.0256 5144 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
15:14:07.0412 5144 SysMain - ok
15:14:07.0630 5144 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:14:07.0693 5144 TabletInputService - ok
15:14:07.0942 5144 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
15:14:08.0036 5144 TapiSrv - ok
15:14:08.0348 5144 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:14:08.0379 5144 TBS - ok
15:14:09.0487 5144 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
15:14:09.0627 5144 Tcpip - ok
15:14:11.0031 5144 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys
15:14:11.0093 5144 Tcpip6 - ok
15:14:11.0686 5144 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
15:14:11.0733 5144 tcpipreg - ok
15:14:11.0811 5144 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:14:11.0889 5144 TDPIPE - ok
15:14:11.0936 5144 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:14:11.0998 5144 TDTCP - ok
15:14:12.0045 5144 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
15:14:12.0107 5144 tdx - ok
15:14:12.0139 5144 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
15:14:12.0139 5144 TermDD - ok
15:14:12.0544 5144 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
15:14:12.0622 5144 TermService - ok
15:14:12.0778 5144 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
15:14:12.0794 5144 Themes - ok
15:14:12.0856 5144 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:14:12.0887 5144 THREADORDER - ok
15:14:12.0997 5144 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:14:13.0090 5144 TrkWks - ok
15:14:13.0137 5144 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
15:14:13.0199 5144 TrustedInstaller - ok
15:14:13.0371 5144 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:14:13.0418 5144 tssecsrv - ok
15:14:13.0465 5144 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:14:13.0480 5144 tunmp - ok
15:14:13.0574 5144 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
15:14:13.0636 5144 tunnel - ok
15:14:13.0792 5144 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:14:13.0808 5144 uagp35 - ok
15:14:13.0995 5144 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
15:14:14.0011 5144 uCamMonitor - ok
15:14:14.0198 5144 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
15:14:14.0291 5144 udfs - ok
15:14:14.0323 5144 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:14:14.0354 5144 UI0Detect - ok
15:14:14.0369 5144 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:14:14.0385 5144 uliagpkx - ok
15:14:14.0713 5144 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:14:14.0791 5144 uliahci - ok
15:14:14.0931 5144 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:14:14.0947 5144 UlSata - ok
15:14:14.0993 5144 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:14:15.0009 5144 ulsata2 - ok
15:14:15.0040 5144 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:14:15.0103 5144 umbus - ok
15:14:15.0165 5144 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
15:14:15.0196 5144 UMPass - ok
15:14:15.0446 5144 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:14:15.0524 5144 upnphost - ok
15:14:16.0273 5144 UPnPService (2f791a77655e6f61a21482f200c3864d) C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
15:14:16.0382 5144 UPnPService ( UnsignedFile.Multi.Generic ) - warning
15:14:16.0382 5144 UPnPService - detected UnsignedFile.Multi.Generic (1)
15:14:16.0709 5144 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:14:16.0803 5144 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:14:16.0803 5144 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:14:16.0850 5144 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
15:14:16.0881 5144 usbaudio - ok
15:14:16.0959 5144 usbccgp (a0059d8567e8d35c6c309c2bdee7c038) C:\Windows\system32\DRIVERS\usbccgp.sys
15:14:16.0975 5144 usbccgp - ok
15:14:17.0021 5144 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
15:14:17.0115 5144 usbcir - ok
15:14:17.0162 5144 usbehci (c58475c202872eea514b1bd84467f016) C:\Windows\system32\DRIVERS\usbehci.sys
15:14:17.0193 5144 usbehci - ok
15:14:17.0240 5144 usbhub (3eb01de26c19576b04d39257adc57d06) C:\Windows\system32\DRIVERS\usbhub.sys
15:14:17.0365 5144 usbhub - ok
15:14:17.0411 5144 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:14:17.0474 5144 usbohci - ok
15:14:17.0755 5144 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:14:17.0786 5144 usbprint - ok
15:14:17.0973 5144 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:14:18.0035 5144 usbscan - ok
15:14:18.0067 5144 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:14:18.0098 5144 USBSTOR - ok
15:14:18.0113 5144 usbuhci (9c51a73704bf805a413f13f216befee2) C:\Windows\system32\DRIVERS\usbuhci.sys
15:14:18.0129 5144 usbuhci - ok
15:14:18.0815 5144 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
15:14:18.0893 5144 usbvideo - ok
15:14:18.0925 5144 usb_rndisx (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
15:14:18.0987 5144 usb_rndisx - ok
15:14:19.0096 5144 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
15:14:19.0127 5144 UxSms - ok
15:14:19.0829 5144 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:14:19.0829 5144 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
15:14:19.0829 5144 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
15:14:20.0173 5144 VAIO Event Service (2c3dbb9b671ab95245ded1efc5276ce9) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
15:14:20.0188 5144 VAIO Event Service - ok
15:14:20.0282 5144 VAIO Power Management (b09e87175ad240a5b65112dd6573bcf8) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:14:20.0297 5144 VAIO Power Management - ok
15:14:21.0031 5144 VCFw (89e0efdda4287e0c9c4a61cd7e2a2232) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:14:21.0046 5144 VCFw ( UnsignedFile.Multi.Generic ) - warning
15:14:21.0046 5144 VCFw - detected UnsignedFile.Multi.Generic (1)
15:14:21.0499 5144 VcmIAlzMgr (2686b87edc54ed215ce479ac9b7675de) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
15:14:21.0561 5144 VcmIAlzMgr - ok
15:14:21.0982 5144 VcmXmlIfHelper (24235ba03209b2bf183fcf073c3cec41) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
15:14:21.0998 5144 VcmXmlIfHelper - ok
15:14:21.0998 5144 Vcsw - ok
15:14:23.0714 5144 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
15:14:23.0776 5144 vds - ok
15:14:24.0010 5144 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:14:24.0088 5144 vga - ok
15:14:24.0229 5144 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:14:24.0291 5144 VgaSave - ok
15:14:24.0307 5144 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:14:24.0307 5144 viaide - ok
15:14:24.0463 5144 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
15:14:24.0478 5144 volmgr - ok
15:14:24.0509 5144 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
15:14:24.0572 5144 volmgrx - ok
15:14:24.0993 5144 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
15:14:25.0180 5144 volsnap - ok
15:14:25.0227 5144 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:14:25.0243 5144 vsmraid - ok
15:14:25.0617 5144 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
15:14:25.0804 5144 VSS - ok
15:14:25.0976 5144 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
15:14:25.0991 5144 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
15:14:25.0991 5144 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
15:14:26.0506 5144 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
15:14:26.0662 5144 W32Time - ok
15:14:26.0740 5144 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:14:26.0787 5144 WacomPen - ok
15:14:26.0974 5144 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
15:14:27.0037 5144 Wanarp - ok
15:14:27.0037 5144 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
15:14:27.0068 5144 Wanarpv6 - ok
15:14:27.0567 5144 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
15:14:27.0645 5144 wcncsvc - ok
15:14:27.0676 5144 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:14:27.0739 5144 WcsPlugInService - ok
15:14:27.0739 5144 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:14:27.0754 5144 Wd - ok
15:14:28.0144 5144 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:14:28.0238 5144 Wdf01000 - ok
15:14:28.0519 5144 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:14:28.0643 5144 WdiServiceHost - ok
15:14:28.0643 5144 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:14:28.0675 5144 WdiSystemHost - ok
15:14:28.0862 5144 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
15:14:28.0893 5144 WebClient - ok
15:14:29.0080 5144 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:14:29.0111 5144 Wecsvc - ok
15:14:29.0143 5144 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:14:29.0158 5144 wercplsupport - ok
15:14:29.0392 5144 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
15:14:29.0439 5144 WerSvc - ok
15:14:29.0611 5144 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:14:29.0626 5144 WimFltr - ok
15:14:29.0657 5144 WinDefend - ok
15:14:29.0657 5144 WinHttpAutoProxySvc - ok
15:14:30.0203 5144 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
15:14:30.0266 5144 Winmgmt - ok
15:14:30.0859 5144 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:14:30.0968 5144 WinRM - ok
15:14:31.0951 5144 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
15:14:32.0029 5144 Wlansvc - ok
15:14:32.0060 5144 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
15:14:32.0107 5144 WmiAcpi - ok
15:14:32.0590 5144 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
15:14:32.0668 5144 wmiApSrv - ok
15:14:32.0902 5144 WMPNetworkSvc - ok
15:14:32.0949 5144 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:14:32.0996 5144 WPCSvc - ok
15:14:33.0183 5144 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
15:14:33.0230 5144 WPDBusEnum - ok
15:14:33.0370 5144 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
15:14:33.0433 5144 WpdUsb - ok
15:14:33.0994 5144 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:14:34.0135 5144 WPFFontCache_v0400 - ok
15:14:34.0135 5144 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:14:34.0166 5144 ws2ifsl - ok
15:14:34.0197 5144 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
15:14:34.0244 5144 wscsvc - ok
15:14:34.0244 5144 WSearch - ok
15:14:34.0883 5144 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
15:14:35.0055 5144 wuauserv - ok
15:14:35.0258 5144 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:14:35.0289 5144 WUDFRd - ok
15:14:35.0383 5144 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:14:35.0539 5144 wudfsvc - ok
15:14:35.0585 5144 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:14:36.0833 5144 \Device\Harddisk0\DR0 - ok
15:14:36.0865 5144 MBR (0x1B8) (560f080694db86cf628827420da1095c) \Device\Harddisk3\DR3
15:42:18.0485 5144 \Device\Harddisk3\DR3 - ok
15:42:18.0532 5144 Boot (0x1200) (e2d62283f89a652cd2505af7c53d9bf3) \Device\Harddisk0\DR0\Partition0
15:42:18.0547 5144 \Device\Harddisk0\DR0\Partition0 - ok
15:42:18.0547 5144 ============================================================
15:42:18.0547 5144 Scan finished
15:42:18.0547 5144 ============================================================
15:42:18.0563 1396 Detected object count: 17
15:42:18.0563 1396 Actual detected object count: 17
16:01:11.0561 1396 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0561 1396 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0561 1396 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0576 1396 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0576 1396 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0592 1396 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0592 1396 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:11.0592 1396 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:01:11.0592 1396 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4
RESBAK

ComboFix log:

ComboFix 12-06-12.02 - ALMOGUERRA 06/12/2012 16:16:03.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6078.4022 [GMT -5:00]
Running from: c:\users\ALMOGUERRA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ALMOGU~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\ALMOGUERRA\AppData\Local\temp\1.tmp\F_IN_BOX.dll
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}
.
---- Previous Run -------
.
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}\L\00000004.@
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}\U\00000004.@
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}\U\00000008.@
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}\U\000000cb.@
c:\windows\Installer\{4d48b547-7908-597e-625f-97b699bc3154}\U\80000000.@
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 21:23 . 2012-06-12 21:41 -------- d-----w- c:\users\ALMOGUERRA\AppData\Local\temp
2012-06-12 21:23 . 2012-06-12 21:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-12 21:23 . 2012-06-12 21:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-12 21:23 . 2012-06-12 21:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-12 21:23 . 2012-06-12 21:23 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-06-12 21:23 . 2012-06-12 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 19:57 . 2012-06-12 19:57 -------- d-----w- C:\_OTL
2012-06-12 04:46 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-12 04:46 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-12 04:46 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-12 04:46 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-12 04:46 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-12 04:46 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-12 04:45 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-12 04:45 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-11 03:07 . 2012-06-11 03:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-11 03:07 . 2012-06-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-22 00:46 . 2012-05-22 00:46 -------- d-----w- c:\users\ALMOGUERRA\AppData\Roaming\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 02:53 . 2012-04-11 01:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 02:53 . 2011-05-18 10:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 06:41 . 2012-06-12 06:29 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A9264-B7F0-4D6B-A7AD-FE0C1B552583}\mpengine.dll
2012-05-07 01:53 . 2012-04-11 01:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 20:56 . 2011-07-13 00:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 10:20 . 2010-04-25 14:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-21 . BD9A2895D87ED60FC0017FD2213119EA . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_03.05.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 04:14 . 2009-11-30 04:14 70944 c:\windows\SysWOW64\STRING32.dll
+ 2009-01-22 09:12 . 2009-01-22 09:12 88904 c:\windows\SysWOW64\msxml4r.dll
+ 2012-01-02 01:13 . 2001-03-09 00:30 24064 c:\windows\SysWOW64\msxml3a.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\SysWOW64\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\SysWOW64\dns-sd.exe
+ 2009-11-30 04:14 . 2009-11-30 04:14 95520 c:\windows\SysWOW64\DLLPRF32.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 83232 c:\windows\SysWOW64\DLLPNT32.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 99616 c:\windows\SysWOW64\DLLIO32.dll
+ 2011-11-16 23:30 . 2012-06-12 20:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-11-16 23:30 . 2011-11-17 01:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-07-18 00:44 . 2011-12-11 15:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2011-07-18 00:44 . 2012-06-09 13:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2011-07-18 00:44 . 2011-12-11 15:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2011-07-18 00:44 . 2012-06-09 13:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2011-07-18 00:44 . 2012-06-09 13:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2011-07-18 00:44 . 2011-12-11 15:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2011-11-16 23:29 . 2012-06-12 02:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2008-01-21 02:23 . 2012-06-12 21:41 79724 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-12 21:41 92094 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-07 14:55 . 2012-06-12 21:41 22000 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3553525114-283763260-1387714544-1000_UserData.bin
+ 2009-01-14 01:08 . 2009-02-27 09:42 66440 c:\windows\system32\spool\drivers\x64\msonpui.dll
+ 2012-02-15 16:01 . 2012-02-15 16:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_8eb172ad\usbaapl64.sys
+ 2011-05-10 14:06 . 2011-05-10 14:06 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_37ca2c1a\netaapl64.sys
+ 2011-05-10 14:06 . 2011-05-10 14:06 51712 c:\windows\system32\drivers\usbaapl64.sys
+ 2008-01-21 02:46 . 2008-01-21 02:46 19456 c:\windows\system32\drivers\usb8023x.sys
+ 2008-01-21 02:46 . 2008-01-21 02:46 40960 c:\windows\system32\drivers\rndismpx.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 96104 c:\windows\system32\dns-sd.exe
+ 2009-01-14 00:59 . 2012-06-12 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 00:59 . 2011-12-19 03:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 00:59 . 2011-12-19 03:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 00:59 . 2012-06-12 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-14 00:59 . 2011-12-19 03:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-14 00:59 . 2012-06-12 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-09 00:41 . 2011-12-19 02:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-09 00:41 . 2012-06-02 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-09 00:41 . 2011-12-19 02:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-09 00:41 . 2012-06-02 23:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-09 00:41 . 2012-06-02 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-09 00:41 . 2011-12-19 02:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-07 03:57 . 2012-06-12 02:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-07 03:57 . 2011-12-19 02:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-07 03:57 . 2011-12-19 02:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-07 03:57 . 2012-06-12 02:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-05 19:55 . 2012-04-05 19:55 28160 c:\windows\Installer\51c75513.msi
+ 2012-03-21 20:45 . 2012-03-21 20:45 22016 c:\windows\Installer\4b6004a.msi
- 2011-12-19 02:03 . 2011-12-19 02:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2008-01-01 09:03 . 2008-01-01 09:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-02-24 03:31 . 2008-01-01 09:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-24 03:31 . 2011-12-19 02:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-24 03:31 . 2011-12-19 02:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-24 03:31 . 2008-01-01 09:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-14 01:08 . 2008-01-01 09:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-14 01:08 . 2011-12-19 02:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-01 09:06 . 2008-01-01 09:06 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-19 02:03 . 2011-12-19 02:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-04 09:00 . 2011-10-13 10:50 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 09:00 . 2008-01-02 09:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-01-02 01:20 . 2012-01-02 01:20 25214 c:\windows\Installer\{2B04D44F-1D1B-4E0E-8431-D04F87C21033}\ARPPRODUCTICON.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-26 19:09 . 2009-02-26 19:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-27 00:43 . 2009-02-27 00:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 23:45 . 2009-02-26 23:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 18:50 . 2006-07-24 18:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 18:50 . 2006-07-24 18:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 19:09 . 2009-02-26 19:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-27 00:43 . 2009-02-27 00:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 23:45 . 2009-02-26 23:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2011-05-31 22:31 . 2011-05-31 22:31 32128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VPREVIEW.EXE
+ 2006-07-24 18:50 . 2006-07-24 18:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2011-07-20 11:17 . 2011-07-20 11:17 33152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETLANG.EXE
+ 2011-07-27 10:53 . 2011-07-27 10:53 39464 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFIEBAR.DLL
+ 2009-02-27 01:21 . 2009-02-27 01:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2009-02-26 18:09 . 2009-02-26 18:09 43352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLRPC.DLL
+ 2011-07-27 11:17 . 2011-07-27 11:17 22432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISCTRL.DLL
+ 2011-07-27 11:25 . 2011-07-27 11:25 53728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFRHD.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 64872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NAME.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 23:07 . 2009-02-26 23:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-27 01:21 . 2009-02-27 01:21 25968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOEURO.DLL
+ 2011-07-27 10:34 . 2011-07-27 10:34 13712 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCFU.DLL
+ 2006-07-24 18:50 . 2006-07-24 18:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-02-26 18:09 . 2009-02-26 18:09 20352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MLSHEXT.DLL
+ 2011-05-31 22:26 . 2011-05-31 22:26 88448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\METCONV.DLL
+ 2011-07-27 23:49 . 2011-07-27 23:49 56696 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_XPS.DLL
+ 2011-07-27 23:49 . 2011-07-27 23:49 95608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\EXP_PDF.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 55168 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACERCLR.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODTXT.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODPDX.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODEXL.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODDBS.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 47024 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEERR.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 55240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNFLT.EXE
+ 2010-01-26 15:57 . 2010-01-26 15:57 35648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2009-02-27 00:43 . 2009-02-27 00:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 23:45 . 2009-02-26 23:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
- 2006-11-02 12:40 . 2011-07-14 11:11 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2012-05-08 00:33 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-07-14 11:11 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2012-05-08 00:33 51200 c:\windows\inf\infpub.dat
+ 2006-12-10 22:54 . 2006-12-10 22:54 24576 c:\windows\ehome\Interop.NeroMCEWrapper.dll
+ 2006-12-10 22:55 . 2006-12-10 22:55 28672 c:\windows\ehome\DiscWriter.dll
+ 2012-03-07 09:05 . 2012-03-07 09:05 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
- 2009-12-07 09:03 . 2009-12-07 09:03 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-07 09:05 . 2012-03-07 09:05 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-07 09:08 . 2012-03-07 09:08 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-01-24 14:40 . 2012-06-12 00:35 3444 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2012-06-12 21:39 . 2012-06-12 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-19 03:03 . 2011-12-19 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 21:39 . 2012-06-12 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-19 03:03 . 2011-12-19 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-07-14 22:29 . 2006-07-14 22:29 966656 c:\windows\UNNeroBackItUp.exe
+ 2004-07-09 14:43 . 2004-07-09 14:43 364544 c:\windows\SysWOW64\TwnLib4.dll
+ 2011-06-07 23:51 . 2011-06-07 23:51 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2012-06-11 02:53 . 2012-06-11 02:53 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-06-11 02:53 . 2012-06-11 02:53 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-05-07 01:53 . 2012-05-07 01:53 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-04-11 01:26 . 2012-06-11 02:53 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2011-11-17 02:09 . 2011-10-03 11:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-31 10:20 . 2012-03-31 10:20 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-31 10:20 . 2012-03-31 10:20 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-31 10:20 . 2012-03-31 10:20 149280 c:\windows\SysWOW64\java.exe
+ 2004-07-26 22:16 . 2004-07-26 22:16 471040 c:\windows\SysWOW64\imagXRA7.dll
+ 2004-07-26 22:16 . 2004-07-26 22:16 262144 c:\windows\SysWOW64\imagXR7.dll
+ 2004-07-26 22:16 . 2004-07-26 22:16 476320 c:\windows\SysWOW64\imagXpr7.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\SysWOW64\dnssdX.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 288032 c:\windows\SysWOW64\DLLRES32.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 226592 c:\windows\SysWOW64\DLLDRV32.dll
+ 2007-04-27 16:43 . 2007-04-27 16:43 120200 c:\windows\SysWOW64\DLLDEV32i.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 218400 c:\windows\SysWOW64\DLLDEV32.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 152864 c:\windows\SysWOW64\DLLCPY32.dll
+ 2009-11-30 04:14 . 2009-11-30 04:14 738592 c:\windows\SysWOW64\DLLAV32.dll
+ 2012-06-12 02:27 . 2012-06-12 02:27 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2008-01-21 03:20 . 2012-06-12 21:39 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-12 02:27 . 2012-06-12 02:27 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-06-12 02:27 . 2012-06-12 02:27 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2011-09-04 11:59 . 2012-06-11 21:27 289858 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-14 01:08 . 2009-02-27 09:42 863128 c:\windows\system32\spool\drivers\x64\msonpdrv.dll
+ 2006-11-02 12:46 . 2012-06-12 20:11 653876 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-12 20:11 122330 c:\windows\system32\perfc009.dat
+ 2010-04-26 07:42 . 2012-02-23 15:18 279656 c:\windows\system32\MpSigStub.exe
+ 2012-06-11 02:53 . 2012-06-11 02:53 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe
+ 2012-06-11 02:53 . 2012-06-11 02:53 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.dll
+ 2012-05-07 01:53 . 2012-05-07 01:53 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2006-11-02 15:21 . 2012-05-01 23:32 654888 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-31 04:05 . 2011-08-31 04:05 212840 c:\windows\system32\dnssdX.dll
+ 2011-07-13 01:40 . 2012-06-12 21:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-07-13 01:40 . 2011-10-07 14:19 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-07-13 01:50 . 2012-03-06 23:15 258520 c:\windows\system32\aswBoot.exe
+ 2012-04-25 01:27 . 2008-01-01 05:00 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-02 01:23 . 2012-01-02 01:23 988672 c:\windows\Installer\f1e6d0b.msi
+ 2012-01-01 02:29 . 2012-01-01 02:29 996864 c:\windows\Installer\a399e7a.msi
+ 2012-01-01 01:41 . 2012-01-01 01:41 167424 c:\windows\Installer\a0cfb4a.msi
+ 2012-01-01 01:40 . 2012-01-01 01:40 498176 c:\windows\Installer\a0cfb45.msi
+ 2012-01-01 01:40 . 2012-01-01 01:40 228352 c:\windows\Installer\a0cfb38.msi
+ 2012-05-08 00:33 . 2012-05-08 00:33 189440 c:\windows\Installer\502244.msi
+ 2012-03-31 10:33 . 2012-03-31 10:33 203776 c:\windows\Installer\35f7be04.msi
+ 2012-03-31 10:20 . 2012-03-31 10:20 901120 c:\windows\Installer\35f7bdf6.msi
+ 2012-01-02 09:00 . 2012-01-02 09:00 499712 c:\windows\Installer\10c66be9.msi
+ 2012-01-02 01:23 . 2012-01-02 01:23 323584 c:\windows\Installer\{E1180142-3B31-4DCC-9D27-7AC2D37662BF}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2012-01-02 01:23 . 2012-01-02 01:23 323584 c:\windows\Installer\{E1180142-3B31-4DCC-9D27-7AC2D37662BF}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2012-05-07 02:15 . 2012-05-07 02:15 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-01-01 02:29 . 2012-01-01 02:29 367958 c:\windows\Installer\{A42D7E35-C1A1-4278-80ED-A706A261C0D1}\ProgramIcon.exe
+ 2012-06-11 03:47 . 2012-06-11 03:47 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-11 03:47 . 2012-06-11 03:47 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-06-11 03:47 . 2012-06-11 03:47 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-11 03:47 . 2012-06-11 03:47 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2009-01-14 01:08 . 2011-12-19 02:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-14 01:08 . 2008-01-01 09:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-14 01:08 . 2011-12-19 02:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-14 01:08 . 2008-01-01 09:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-14 01:08 . 2011-12-19 02:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-14 01:08 . 2008-01-01 09:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-24 03:31 . 2008-01-01 09:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-02-24 03:31 . 2011-12-19 02:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2012-04-12 08:03 . 2012-04-12 08:03 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-06-17 10:51 . 2011-06-17 10:51 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-03-07 09:03 . 2012-03-07 09:03 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-12-07 09:02 . 2009-12-07 09:02 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-01-01 02:29 . 2012-01-01 02:29 360518 c:\windows\Installer\{27DDE8D0-27C4-4785-AE0E-ACEE900E7E71}\ProgramIcon.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-09-16 02:41 . 2011-09-16 02:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-08 01:51 . 2007-06-08 01:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 18:50 . 2006-07-24 18:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 23:45 . 2009-02-26 23:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2011-09-16 02:41 . 2011-09-16 02:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-08 01:51 . 2007-06-08 01:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2011-07-27 10:58 . 2011-07-27 10:58 439160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SETUP.EXE
+ 2011-07-27 10:54 . 2011-07-27 10:54 503184 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\SELFCERT.EXE
+ 2011-05-27 03:13 . 2011-05-27 03:13 368520 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PPSLAX.DLL
+ 2011-07-27 10:36 . 2011-07-27 10:36 481640 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\PORTCONN.DLL
+ 2007-06-08 01:51 . 2007-06-08 01:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2011-07-27 11:17 . 2011-07-27 11:17 284560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISGRAPH.DLL
+ 2011-07-27 11:16 . 2011-07-27 11:16 997768 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OISAPP.DLL
+ 2011-07-27 11:16 . 2011-07-27 11:16 273792 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OIS.EXE
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 231864 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ODEPLOY.EXE
+ 2011-07-20 11:22 . 2011-07-20 11:22 538968 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORES.DLL
+ 2011-07-20 11:22 . 2011-07-20 11:22 144728 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORE.EXE
+ 2011-07-20 11:22 . 2011-07-20 11:22 832360 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSTORDB.EXE
+ 2006-07-24 18:50 . 2006-07-24 18:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2009-02-26 04:02 . 2009-02-26 04:02 504176 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSSOAP30.DLL
+ 2011-07-27 12:10 . 2011-07-27 12:10 670560 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSQRY32.EXE
+ 2011-05-31 23:19 . 2011-05-31 23:19 732000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSPROOF6.DLL
+ 2009-02-26 03:46 . 2009-02-26 03:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2011-07-27 10:34 . 2011-07-27 10:34 160632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSOCF.DLL
+ 2011-06-23 15:54 . 2011-06-23 15:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2011-07-20 11:22 . 2011-07-20 11:22 828264 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MEDCAT.DLL
+ 2011-07-27 23:49 . 2011-07-27 23:49 177536 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IETAG.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2009-02-26 18:09 . 2009-02-26 18:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-07-27 11:13 . 2011-07-27 11:13 434080 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DWTRIG20.EXE
+ 2011-07-27 10:53 . 2011-07-27 10:53 105872 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\DSSM.EXE
+ 2011-07-27 10:53 . 2011-07-27 10:53 188800 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CONTACTPICKER.DLL
+ 2011-07-27 12:13 . 2011-07-27 12:13 204664 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CLVIEW.EXE
+ 2011-07-27 12:20 . 2011-07-27 12:20 400216 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\CDLMSO.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 370608 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEXBE.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 223152 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACETXT.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 550840 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEREP.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 288688 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER3X.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 255920 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACER2X.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 391096 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEPDE.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 378808 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEOLEDB.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 278912 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEODBC.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 206776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACELTS.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 632752 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCL.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 337848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEEXCH.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 186304 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEES.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 571320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACEDAO.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 763848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECNF.DLL
+ 2006-10-27 21:35 . 2006-10-27 21:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2009-02-26 23:45 . 2009-02-26 23:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2006-11-02 12:40 . 2012-05-08 00:33 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-07-14 11:11 143360 c:\windows\inf\infstrng.dat
+ 2012-03-07 09:05 . 2012-03-07 09:05 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2009-12-07 09:03 . 2009-12-07 09:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-07 09:05 . 2012-03-07 09:05 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-05-01 08:01 . 2012-04-13 08:46 8917360 c:\windows\TempB719B2BF-3C1F-E576-43FC-661B7634D83A-Signatures\mpengine.dll
+ 2009-07-21 04:16 . 2009-07-21 04:16 1393480 c:\windows\SysWOW64\msxml4.dll
+ 2012-05-07 01:53 . 2012-05-07 01:53 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
+ 2004-07-26 22:16 . 2004-07-26 22:16 1568768 c:\windows\SysWOW64\imagX7.dll
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\SysWOW64\FM20.DLL
+ 2008-01-21 03:20 . 2012-06-12 21:39 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-12 21:39 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-10 14:06 . 2011-05-10 14:06 4517664 c:\windows\system32\usbaaplrc.dll
+ 2012-02-15 16:01 . 2012-02-15 16:01 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_8eb172ad\usbaaplrc.dll
+ 2010-04-20 02:29 . 2010-04-20 02:29 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_37ca2c1a\wdfcoinstaller01009.dll
+ 2009-12-06 10:05 . 2008-01-03 05:19 3864560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-02 01:20 . 2012-01-02 01:20 5760512 c:\windows\Installer\f1e6d06.msi
+ 2012-04-05 04:38 . 2012-04-05 04:38 2831360 c:\windows\Installer\dc4392.msp
+ 2012-04-29 03:44 . 2012-04-29 03:44 9101824 c:\windows\Installer\dc4379.msp
+ 2012-04-29 03:44 . 2012-04-29 03:44 9586176 c:\windows\Installer\dc4355.msp
+ 2012-04-30 20:38 . 2012-04-30 20:38 5011456 c:\windows\Installer\dc4343.msp
+ 2012-04-05 04:38 . 2012-04-05 04:38 3620864 c:\windows\Installer\dc430a.msp
+ 2012-03-15 08:24 . 2012-03-15 08:24 1795584 c:\windows\Installer\dc42f1.msp
+ 2012-04-29 03:43 . 2012-04-29 03:43 8459264 c:\windows\Installer\dc42c0.msp
+ 2012-02-17 14:45 . 2012-02-17 14:45 2299392 c:\windows\Installer\dc42a7.msp
+ 2012-01-01 02:31 . 2012-01-01 02:31 1144320 c:\windows\Installer\a399e8a.msi
+ 2012-01-01 02:29 . 2012-01-01 02:29 1088000 c:\windows\Installer\a399e85.msi
+ 2012-01-01 02:29 . 2012-01-01 02:29 1128448 c:\windows\Installer\a399e80.msi
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\9b06c7c.msp
+ 2012-05-07 02:14 . 2012-05-07 02:14 4296704 c:\windows\Installer\818792.msi
+ 2012-05-07 02:08 . 2012-05-07 02:08 2189312 c:\windows\Installer\817dad.msi
+ 2012-05-07 02:05 . 2012-05-07 02:05 2011136 c:\windows\Installer\817d50.msi
+ 2012-05-07 02:05 . 2012-05-07 02:05 1530368 c:\windows\Installer\817cff.msi
+ 2012-03-27 05:28 . 2012-03-27 05:28 5009920 c:\windows\Installer\67c760b.msp
+ 2012-03-23 19:59 . 2012-03-23 19:59 7899648 c:\windows\Installer\67c75e5.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 1169920 c:\windows\Installer\67c75c4.msp
+ 2012-02-03 21:13 . 2012-02-03 21:13 4988928 c:\windows\Installer\47407f4.msp
+ 2011-09-16 00:40 . 2011-09-16 00:40 7959552 c:\windows\Installer\44743d4f.msp
+ 2011-09-16 00:34 . 2011-09-16 00:34 8499712 c:\windows\Installer\44743d31.msp
+ 2011-09-16 00:35 . 2011-09-16 00:35 1411072 c:\windows\Installer\44743a7c.msp
+ 2012-03-01 04:45 . 2012-03-01 04:45 4989440 c:\windows\Installer\1bc6390d.msp
+ 2009-01-14 01:08 . 2008-01-01 09:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-14 01:08 . 2011-12-19 02:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-26 15:58 . 2008-01-01 09:06 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2010-01-26 15:58 . 2011-12-19 02:03 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 05:10 . 2009-10-10 05:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 06:14 . 2011-08-03 06:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2006-10-27 02:25 . 2006-10-27 02:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-17 15:49 . 2011-08-17 15:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-20 14:12 . 2011-07-20 14:12 3750776 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWER.DLL
+ 2011-06-29 13:02 . 2011-06-29 13:02 1846656 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VVIEWDWG.DLL
+ 2009-10-10 05:10 . 2009-10-10 05:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-28 00:15 . 2011-07-28 00:15 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\STSLIST.DLL
+ 2011-07-27 10:59 . 2011-07-27 10:59 6540136 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OSETUP.DLL
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 11:51 . 2011-07-27 11:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-08-03 06:14 . 2011-08-03 06:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2011-07-20 11:31 . 2011-07-20 11:31 1523632 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\NLSD0000.DLL
+ 2011-05-27 01:28 . 2011-05-27 01:28 6637952 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSORES.DLL
+ 2011-07-27 11:09 . 2011-07-27 11:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-06-22 14:16 . 2011-06-22 14:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\FM20.DLL
+ 2011-08-04 00:27 . 2011-08-04 00:27 1415072 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\ACECORE.DLL
+ 2011-08-17 15:49 . 2011-08-17 15:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 06:14 . 2011-08-03 06:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-03-07 09:05 . 2012-03-07 09:05 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
- 2006-11-02 12:33 . 2011-07-14 11:11 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2008-05-25 17:47 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:35 . 2008-01-01 09:06 57848688 c:\windows\system32\mrt.exe
+ 2012-05-07 01:53 . 2012-05-07 01:53 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2008-01-01 09:00 . 2008-01-01 09:00 20343808 c:\windows\Installer\dc4298.msp
+ 2012-03-28 23:10 . 2012-03-28 23:10 12098048 c:\windows\Installer\67c75b3.msp
+ 2008-01-02 09:00 . 2008-01-02 09:00 23771136 c:\windows\Installer\602b266.msp
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\4d92a2a.msp
+ 2012-02-16 09:03 . 2012-02-16 09:03 20333056 c:\windows\Installer\47407ff.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 38176256 c:\windows\Installer\44743d6c.msp
+ 2011-09-16 00:39 . 2011-09-16 00:39 11163136 c:\windows\Installer\44743d46.msp
+ 2011-09-16 00:38 . 2011-09-16 00:38 10838528 c:\windows\Installer\44743d3b.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 16691712 c:\windows\Installer\44743a83.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 34428416 c:\windows\Installer\44743a7d.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 37148160 c:\windows\Installer\44743a71.msp
+ 2011-09-16 02:42 . 2011-09-16 02:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-17 16:01 . 2011-08-17 16:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-16 02:42 . 2011-09-16 02:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-17 16:01 . 2011-08-17 16:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\OART.DLL
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2011-09-16 00:34 . 2011-09-16 00:34 428804608 c:\windows\Installer\44743c23.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\users\ALMOGUERRA\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DigiDo"="c:\program files (x86)\TWC\DigiDo\DigiDo.exe" [2010-07-28 6870376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 03:10]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 03:10]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000Core.job
- c:\users\ALMOGUERRA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 03:41]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000UA.job
- c:\users\ALMOGUERRA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 03:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-11-12 6407200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-31 15880224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-31 82464]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\TWC\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-06-12 16:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 21:49
ComboFix2.txt 2011-12-19 03:13
.
Pre-Run: 882,248,978,432 bytes free
Post-Run: 882,195,664,896 bytes free
.
- - End Of File - - 952C9CBD89BC31C4D91DA43C0D9B2839

#5
RESBAK

    Member

  • Topic Starter
Also, I just did a quick search in Google Chrome and it still redirects to Babylon.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
OK, I now need to find a spare copy of services.

Run OTL, paste the following in the custom scans box, and run a quick scan:

/md5start
services.*
/md5stop


Please post the resultant log.

#7
RESBAK

    Member

  • Topic Starter
OTL Log:

OTL logfile created on: 6/12/2012 5:16:21 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\ALMOGUERRA\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.94 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.42% Memory free
11.98 Gb Paging File | 10.14 Gb Available in Paging File | 84.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.69 Gb Total Space | 821.68 Gb Free Space | 89.25% Space Free | Partition Type: NTFS
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 17.59 Mb Total Space | 17.24 Mb Free Space | 97.96% Space Free | Partition Type: FAT

Computer Name: ALMOGUERRA-PC | User Name: ALMOGUERRA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 09:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/14 19:17:52 | 001,830,400 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/07/28 18:08:50 | 006,870,376 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
PRC - [2010/07/28 18:08:50 | 000,564,072 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/05 21:32:34 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/11/05 21:32:34 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/09 15:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/09/08 12:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 12:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/03 20:36:04 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/28 18:08:52 | 000,021,864 | ---- | M] () -- C:\Program Files (x86)\TWC\DigiDo\AffinegyServicePS.dll
MOD - [2010/07/28 17:50:54 | 000,813,568 | ---- | M] () -- C:\Program Files (x86)\TWC\DigiDo\gateways\MotorolaSBG900LOC.dll
MOD - [2009/11/10 16:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2008/01/20 21:48:39 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/10/01 21:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/09/29 19:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV:64bit: - [2008/09/19 13:06:24 | 000,108,832 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/05 15:00:06 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/26 19:16:24 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 19:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/16 16:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/14 19:17:52 | 001,830,400 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2010/07/28 18:08:50 | 000,564,072 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2008/11/12 03:05:32 | 000,141,344 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/11/05 21:32:34 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/21 13:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 13:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 13:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/08 12:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 12:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 12:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 20:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/20 04:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 04:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 04:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/02/07 13:07:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/02/07 13:07:04 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/02/07 13:06:56 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/08 17:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:02:05 | 000,043,864 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/09/26 19:17:08 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 16:10:50 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 16:10:24 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/22 19:02:17 | 000,085,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 19:02:08 | 000,076,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/10/21 19:01:29 | 000,021,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/10/21 19:01:28 | 000,133,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/10/21 19:01:28 | 000,095,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/10/21 19:01:04 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/10/20 19:04:26 | 001,168,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/10/20 19:01:42 | 000,316,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/08/21 19:06:22 | 000,011,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/07/12 19:00:24 | 001,027,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2008/06/23 01:28:00 | 001,217,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVerBDA716x_x64.sys -- (AVerBDA6x_x64)
DRV:64bit: - [2008/06/19 19:37:17 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2008/05/28 05:23:40 | 000,154,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/09/16 16:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2008/08/22 19:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNYR&bmod=SNYR
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNYR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SNYR_enUS356
IE - HKCU\..\SearchScopes\{C00744D7-4B71-4425-9952-9167F78C100F}: "URL" = http://search.yahoo....0414,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ALMOGUERRA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ALMOGUERRA\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2011/07/12 06:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\Extensions
[2009/12/09 12:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/12 06:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/25 09:22:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 04:54:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...m&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ALMOGUERRA\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\
CHR - Extension: YouTube = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: avast! WebRep = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\ALMOGUERRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/12 16:40:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdloader] C:\Users\ALMOGUERRA\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{616DCE37-90F0-4937-9A44-6C1E5B37ABDF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2005/12/08 17:33:29 | 000,000,000 | R--D | M] - G:\autorun -- [ UDF ]
O32 - AutoRun File - [2005/12/06 17:18:38 | 001,695,744 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/11/18 16:44:26 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - H:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 16:49:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/12 16:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/12 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\AppData\Local\temp
[2012/06/12 16:10:29 | 004,556,099 | R--- | C] (Swearware) -- C:\Users\ALMOGUERRA\Desktop\ComboFix.exe
[2012/06/12 15:09:49 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ALMOGUERRA\Desktop\tdsskiller.exe
[2012/06/12 14:57:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 09:23:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
[2012/06/11 23:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/06/11 23:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/11 23:45:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/11 23:45:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/11 23:31:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/11 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\Desktop\RK_Quarantine
[2012/06/10 22:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/10 22:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/10 22:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/24 12:31:44 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\Documents\Command and Conquer Generals Zero Hour Data
[2012/05/21 19:46:31 | 000,000,000 | ---D | C] -- C:\Users\ALMOGUERRA\AppData\Roaming\Auslogics

========== Files - Modified Within 30 Days ==========

[2012/06/12 17:15:33 | 000,043,034 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/12 17:15:32 | 000,043,034 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/12 17:01:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000UA.job
[2012/06/12 16:50:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 16:46:49 | 000,773,076 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 16:46:49 | 000,653,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 16:46:49 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 16:40:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/12 16:39:17 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/12 16:39:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:39:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 16:37:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/12 16:10:39 | 004,556,099 | R--- | M] (Swearware) -- C:\Users\ALMOGUERRA\Desktop\ComboFix.exe
[2012/06/12 16:01:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000Core.job
[2012/06/12 15:10:19 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ALMOGUERRA\Desktop\tdsskiller.exe
[2012/06/12 09:23:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ALMOGUERRA\Desktop\OTL.exe
[2012/06/12 06:06:36 | 000,000,912 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\magicJack.lnk
[2012/06/11 23:46:18 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/11 23:46:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/11 23:38:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/10 22:47:08 | 000,790,984 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 22:40:16 | 000,442,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120610-224056.backup
[2012/06/10 22:38:49 | 000,000,802 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/06/10 22:07:06 | 000,001,097 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Spybot - Search & Destroy.lnk
[2012/06/10 21:25:38 | 000,002,067 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Google Chrome.lnk
[2012/06/10 21:25:38 | 000,002,029 | ---- | M] () -- C:\Users\ALMOGUERRA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/10 09:26:50 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/06/01 22:14:33 | 000,000,112 | ---- | M] () -- C:\Users\ALMOGUERRA\Desktop\Chikka Still the Best Way to Send Free Text Messages.URL

========== Files Created - No Company Name ==========

[2012/06/11 23:46:18 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/11 23:46:16 | 000,024,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/11 23:46:15 | 000,337,240 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/11 23:46:11 | 000,043,864 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/11 23:46:10 | 000,059,224 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/11 23:46:08 | 000,819,032 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/11 23:46:07 | 000,069,976 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/10 22:07:06 | 000,001,097 | ---- | C] () -- C:\Users\ALMOGUERRA\Desktop\Spybot - Search & Destroy.lnk
[2012/06/10 09:26:50 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/04/05 15:12:34 | 000,051,186 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Roaming\room_v3.dat
[2011/12/31 19:47:39 | 000,075,888 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\rx_audio.Cache
[2011/12/31 19:47:08 | 000,385,552 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\rx_image32.Cache
[2011/12/18 21:42:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/18 21:42:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/18 21:42:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/18 21:42:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/18 21:42:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/12 19:52:34 | 000,000,732 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\d3d9caps64.dat
[2011/07/09 22:03:03 | 000,024,088 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Roaming\UserTile.png
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/02/21 22:11:30 | 000,000,680 | ---- | C] () -- C:\Users\ALMOGUERRA\AppData\Local\d3d9caps.dat
[2010/11/03 17:41:41 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/03 17:41:41 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

========== LOP Check ==========

[2012/06/12 16:37:47 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES >
[2006/09/18 16:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services

< MD5 for: SERVICES.CFG >
[2012/04/04 00:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 17:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SysWOW64\services.exe
[2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2008/01/20 21:49:44 | 000,381,952 | ---- | M] () MD5=BD9A2895D87ED60FC0017FD2213119EA -- C:\Windows\SysNative\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\ERDNT\cache64\services.exe
[2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 10:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 10:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 10:13:56 | 000,017,408 | ---- | M] () MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 10:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 22:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 22:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 16:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof
[2006/09/18 16:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 10:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 16:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 10:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 10:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 16:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 10:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 02:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's now replace the infected file and then tackle the remaining Babylon bit.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\ERDNT\cache64\services.exe|c:\windows\system32\Services.exe

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


FOR CHROME

The only place where Babylon is now is in Chrome, unfortunately my tools do not work in that area so you will need to reset it manually. Details are here
  • 0
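How the bad services.exe can be read off the OTL `MD5 for: SERVICES.EXE` listing earlier in the thread, as an added example that is not part of Essexboy's post and not code from OTL or ComboFix. It assumes the amd64 winsxs copies are the baseline and flags a SysNative file whose MD5 matches none of them; the function names are hypothetical, and the log lines are copied from the OTL log above.

```python
import re
from collections import defaultdict

# Lines copied from the "Custom Scans" section of the OTL log in this thread.
OTL_MD5_LINES = r"""
[2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SysWOW64\services.exe
[2008/01/20 21:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2008/01/20 21:49:44 | 000,381,952 | ---- | M] () MD5=BD9A2895D87ED60FC0017FD2213119EA -- C:\Windows\SysNative\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\ERDNT\cache64\services.exe
[2008/01/20 21:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2006/11/02 10:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 10:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 10:13:56 | 000,017,408 | ---- | M] () MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 10:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui
"""

# [modified | size | attrs | M] (company) MD5=<hash> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)


def parse(text):
    """Turn OTL 'MD5 for' lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows


def is_store_copy(path, arch="amd64"):
    # Assumption of this sketch: copies under winsxs\<arch>_... are the baseline.
    return ("\\winsxs\\" + arch + "_") in path.lower()


def is_live_native(path):
    # OTL is a 32-bit tool, so the real 64-bit System32 shows up as SysNative.
    return "\\windows\\sysnative\\" in path.lower()


def triage(rows, arch="amd64"):
    """Compare each live SysNative file with the component-store copies of the same name."""
    by_name = defaultdict(list)
    for row in rows:
        by_name[row["path"].rsplit("\\", 1)[1].lower()].append(row)

    findings = []
    for copies in by_name.values():
        baseline = {c["md5"] for c in copies if is_store_copy(c["path"], arch)}
        for live in (c for c in copies if is_live_native(c["path"])):
            if not baseline:
                status = "no-baseline"      # nothing to compare against
            elif live["md5"] in baseline:
                status = "ok"               # empty company alone is not a finding
            else:
                status = "MISMATCH"
            restore = []
            if status == "MISMATCH":
                # Any other copy whose hash equals the baseline can serve as the source.
                restore = [c["path"] for c in copies
                           if c["md5"] in baseline and not is_live_native(c["path"])]
            findings.append({"path": live["path"], "md5": live["md5"],
                             "size": live["size"], "company": live["company"],
                             "status": status, "restore_from": restore})
    return findings


if __name__ == "__main__":
    for f in triage(parse(OTL_MD5_LINES)):
        print(f["status"], f["path"], f["md5"], f["restore_from"])
```

A match here only shows agreement with the local component store; comparing against a hash taken from clean installation media is a stronger check.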

#9
RESBAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
After doing the ComboFix, the desktop icons disappeared and after a reboot, I got these two errors and the PC wouldn't let me log in.

Posted Image Posted Image

So I rebooted a second time and now it seems everything is working and I also got the ComboFix logs :D

ComboFix 12-06-12.02 - ALMOGUERRA 06/13/2012 9:20.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6078.3832 [GMT -5:00]
Running from: c:\users\ALMOGUERRA\Desktop\ComboFix.exe
Command switches used :: c:\users\ALMOGUERRA\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ALMOGU~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\ALMOGUERRA\AppData\Local\temp\1.tmp\F_IN_BOX.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache64\services.exe --> c:\windows\system32\Services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 14:27 . 2012-06-13 15:16 -------- d-----w- c:\users\ALMOGUERRA\AppData\Local\temp
2012-06-13 14:27 . 2012-06-13 14:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-13 14:27 . 2012-06-13 14:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-13 14:27 . 2012-06-13 14:27 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-13 14:27 . 2012-06-13 14:27 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-06-13 14:27 . 2012-06-13 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 19:57 . 2012-06-12 19:57 -------- d-----w- C:\_OTL
2012-06-12 06:29 . 2012-05-15 06:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A9264-B7F0-4D6B-A7AD-FE0C1B552583}\mpengine.dll
2012-06-12 04:46 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-12 04:46 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-12 04:46 . 2012-03-06 23:02 43864 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-12 04:46 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-12 04:46 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-12 04:46 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-12 04:45 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-12 04:45 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-11 03:07 . 2012-06-11 03:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-11 03:07 . 2012-06-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-22 00:46 . 2012-05-22 00:46 -------- d-----w- c:\users\ALMOGUERRA\AppData\Roaming\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 02:53 . 2012-04-11 01:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 02:53 . 2011-05-18 10:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 01:53 . 2012-04-11 01:53 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 20:56 . 2011-07-13 00:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 10:20 . 2010-04-25 14:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-12_21.41.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-16 23:30 . 2012-06-13 09:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-11-16 23:30 . 2012-06-12 20:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2008-01-21 02:23 . 2012-06-13 15:15 79796 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-13 15:15 92150 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-07 14:55 . 2012-06-13 15:15 22008 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3553525114-283763260-1387714544-1000_UserData.bin
- 2009-01-14 00:59 . 2012-06-12 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-14 00:59 . 2012-06-13 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 00:59 . 2012-06-12 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 00:59 . 2012-06-13 15:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 00:59 . 2012-06-13 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-14 00:59 . 2012-06-12 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-09 00:41 . 2012-06-02 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-09 00:41 . 2012-06-12 22:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-09 00:41 . 2012-06-02 23:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-09 00:41 . 2012-06-12 22:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-09 00:41 . 2012-06-12 22:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-09 00:41 . 2012-06-02 23:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-07 03:57 . 2012-06-12 02:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-07 03:57 . 2012-06-12 21:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-07 03:57 . 2012-06-12 21:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-07 03:57 . 2012-06-12 02:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 21:39 . 2012-06-12 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 15:12 . 2012-06-13 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 15:12 . 2012-06-13 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-12 21:39 . 2012-06-12 21:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-01-21 03:20 . 2012-06-12 21:39 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-06-13 15:12 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 12:46 . 2012-06-12 21:46 653876 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-06-12 20:11 653876 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-12 21:46 122330 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-06-12 20:11 122330 c:\windows\system32\perfc009.dat
- 2011-07-13 01:40 . 2012-06-12 21:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-07-13 01:40 . 2012-06-13 15:13 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-01-21 03:20 . 2012-06-12 21:39 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-13 15:12 3342336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-12 21:39 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-06-13 15:12 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\users\ALMOGUERRA\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DigiDo"="c:\program files (x86)\TWC\DigiDo\DigiDo.exe" [2010-07-28 6870376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 03:10]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 03:10]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000Core.job
- c:\users\ALMOGUERRA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 03:41]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553525114-283763260-1387714544-1000UA.job
- c:\users\ALMOGUERRA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 03:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-11-12 6407200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-31 15880224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-31 82464]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\TWC\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-06-13 10:23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 15:23
ComboFix2.txt 2012-06-12 21:49
ComboFix3.txt 2011-12-19 03:13
.
Pre-Run: 868,738,478,080 bytes free
Post-Run: 869,292,617,728 bytes free
.
- - End Of File - - B6AB98BAC0DD4B4F6BFC6A1E3E4B2B73

Edited by RESBAK, 13 June 2012 - 09:30 AM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was Windows trying to protect the infected system file :)

Looks much better - did you manage to remove the Babylon from Chrome?

What problems are outstanding?
  • 0

#11
RESBAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Yes, I got the Babylon search removed. Looks like so far so good. I asked my friend to try it out for a day and it looks like he hasn't had any issues :D
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0
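
A scripted, read-only check of the state the cleanup steps above are meant to leave behind, as an added example that is not part of the original post or of any tool named in it. It assumes Windows PowerShell 2.0 or later is installed; the service names MpsSvc (Windows Firewall), BFE (Base Filtering Engine) and wscsvc (Security Center) and the treatment of 0.0.0.0 as a harmless blocklist address are choices made for this example.

```powershell
# Added example: post-cleanup verification. Changes nothing on the system.
# Run it as the user whose Explorer setting is being checked (HKCU is per-user).

# 1. Hosts file. A default file maps names only to loopback addresses;
#    0.0.0.0 is treated as a blocklist sinkhole (assumption of this example).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$benign    = @('127.0.0.1', '::1', '0.0.0.0')
$suspect   = @(Get-Content -Path $hostsPath | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()          # strip comments and padding
    if ($line) {
        $fields = $line -split '\s+'
        # Report any hostname that is pointed at a routable address.
        if ($fields.Count -ge 2 -and $benign -notcontains $fields[0]) { $line }
    }
})
if ($suspect.Count -eq 0) { 'OK      hosts: only loopback/sinkhole entries' }
else { $suspect | ForEach-Object { "REVIEW  hosts: $_" } }

# 2. Explorer "Hidden files and folders" setting: 1 = show, 2 = do not show.
$adv    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $adv -Name Hidden -ErrorAction SilentlyContinue).Hidden
if ($hidden -eq 2) { 'OK      Explorer: hidden files are not shown' }
else { "REVIEW  Explorer: Hidden=$hidden (1 = show, 2 = do not show)" }

# 3. Firewall-related services: each must still be registered, not disabled,
#    and running. wscsvc may start late after boot, so re-check if it is stopped.
foreach ($name in 'MpsSvc', 'BFE', 'wscsvc') {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        "MISSING $name (service is not registered)"
    }
    elseif ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') {
        "REVIEW  $name start=$($svc.StartMode) state=$($svc.State)"
    }
    else {
        "OK      $name start=$($svc.StartMode) state=$($svc.State)"
    }
}
```

Any REVIEW or MISSING line is a prompt to look closer, not proof of reinfection; security tools that manage their own hosts entries or firewall can produce them legitimately.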

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





